People who use WhatsApp, Telegram, and other messaging services should be aware that criminals are increasingly using impersonation tactics to con victims out of money.

Cybersecurity expert Lucas Molefe has warned that attackers were increasingly using WhatsApp to impersonate people through false accounts.

He explained that criminals pose as friends, family members, or colleagues on WhatsApp, then deceive others into handing over money or sensitive information.

However, first prize for an attacker is if they can completely take over your WhatsApp or social media profiles.

“First of all, they typically focus on SIM swaps, which steal the actual number, and this is usually done through phishing attempts. Another way is through your linked accounts,” Molefe explained.

“Because WhatsApp can be connected to Instagram and Facebook, scammers can gather information like your birthday or family connections to make their impersonation more convincing.”

According to Molefe, the most common and dangerous method remains SIM swaps, where criminals trick victims into sharing one-time passwords (OTPs).

Once they have access, scammers can hijack WhatsApp accounts, bank profiles, and even broader digital identities.

These scams often begin with attackers pretending to be someone you trust, whether a close friend or your bank’s fraud department.

They may claim to have a new number, clone or spoof an existing number to appear legitimate, or use stolen profile pictures to set up convincing duplicate accounts.

To increase the pressure, they create urgent stories that make the victim feel compelled to act immediately.

“Sometimes they impersonate someone you know or someone you trust. This happens a lot in NPOs and NGOs, and even in businesses,” Molefe warned.

“They impersonate a colleague and say, ‘Hey, I just want to check, do you see a WhatsApp OTP that just appeared? Can you give it to me quickly? I need it urgently.’ You’re going to give it because it comes with urgency.”

The psychology behind these scams makes them highly effective. “If I’m your friend or a family member and I send you a message with urgency, you’re going to first look at it and say, ‘Okay, I know Lucas,’” Molefe explained.

“Because you know me, it’s easier to communicate with me and provide assistance. And that’s what scammers exploit: urgency and trust.”

Amygdala hijack

Anna Collard, KnowBe4

Anna Collard, a security industry veteran who now works as a trainer and evangelist at KnowBe4, calls this an amygdala hijack.

“They put you under pressure because they want you to feel an emotion,” she said. This impairs your ability to think critically.

She said the best defence against this is to pause before reacting. Although this is often easier said than done, Collard believes it can be trained.

Collard said several nations have embraced the concept of building people’s cognitive defences. “This is something we can learn from other nations like Finland, Estonia, and Taiwan,” she said.

“They’ve identified Cognitive Defence as a national defence strategy, and they’re coming up with innovative programmes to help people be more vigilant and sceptical.”

WhatsApp zero-day

In addition to increased scam and fraud activity in South Africa, WhatsApp also recently patched a zero-day, zero-click vulnerability affecting its iOS and macOS messaging clients.

“Incomplete authorisation of linked device synchronisation messages for WhatsApp … could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device,” it said.

“We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms, may have been exploited in a sophisticated attack against specific targeted users.”

People targeted by these types of attacks tend to be journalists and activists operating under more authoritarian or repressive regimes. WhatsApp said it contacts potentially impacted individuals directly.

This recent vulnerability was caused by an out-of-bounds write weakness identified by Apple security researchers in the Image I/O framework that lets applications read and write most image formats.

Out-of-bounds writes occur when input is supplied to a program that causes it to write data outside its allocated memory buffer. This can lead to the program crashing, corrupting data, or executing arbitrary code.

WhatsApp’s fix of this latest vulnerability comes after it fixed another zero-day flaw in March 2025. The flaw was exploited to install Paragon’s Graphite spyware.

“WhatsApp has disrupted a spyware campaign by Paragon that targeted a number of users, including journalists and members of civil society,” a spokesperson said.

In 2021, the Pegasus Project investigation found that President Cyril Ramaphosa had potentially been targeted by state-level spyware courtesy of Rwandan president Paul Kagame.

Rwanda was reportedly one of the biggest customers of Israeli spyware developer NSO Group, with Kagame allegedly placing over 3,500 phone numbers on a list of persons of interest for surveillance.